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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address » 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS. 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 01 October 2007 . 
2a)l3 This action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-38 is/are pending in the application. 

4a) Of the above claim{s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) S Claim(s) 1-38 is/are rejected. 

Claim(s) is/are objected to. 

8) n Claim{s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 30 September 2003 Is/are: a)IEl accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f), 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action. for a list of the certified copies not received. 
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DETAILED ACTION 

1. Claims 1-38 have been examined. 



Double Patenting 

2. The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper time wise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection 
is appropriate where the conflicting claims are not identical, but at least one examined 
application claim is not patentably distinct from the reference claim(s) because the examined 
application claim is either anticipated by, or would have been obvious over, the reference 
claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re 
Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 
USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re 
Vogel 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may 
be used to overcome an actual or provisional rejection based on a nonstatutory double patenting 
ground provided the conflicting application or patent either is shown to be conmionly owned 
with this application, or claims an invention made as a result of activities undertaken, within the 
scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 
3.73(b). 

3. Claims 1-38 are provisionally rejected on the ground of nonstatutory obviousness-type 
double patenting as being unpatentable over claims 1-38 of copending Application No. 
10/431,193, Although the conflicting claims are not identical, they are not patentably distinct 
from each other because both application disclose a method for communication path analysis 
wherein database updates upon comparison of first and second set of rules. 

This is a provisional obviousness-type double patenting rejection because the conflicting 



claims have not in fact been patented. 
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Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1-38 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jonas U.S. 
Pub. No. 20040162802 (hereinafter Jonas). 

6. As per claim 1, Jonas discloses a method for communication path analysis, the method 
comprising: retrieving a first communication path rule and a second conmiunication path rule for 
an access control device, each rule comprising at least one path attribute type specifying at least 
one attribute range and at least one path operation type specifying at least one operation (Jonas: 
[0010]: data sets include different fields); inserting the first rule into a database (Jonas: [0013]); 
determining, for at least one path attribute type, whether at least a portion of an attribute range of 
the second rule corresponds to at least a portion of an attribute range of the first rule; and when at 
least a portion of an attribute range of the second rule does not correspond to an attribute range 
of the first rule for the analyzed path attribute type, inserting the non-corresponding portion of 
the attribute range of the second rule into the database, along with the at least one operation of 
the second rule (Jonas: [0017]-[0018]: creating a new entry into the database if no match is found 
or creating entry of the difference between new and existing entries). Jonas does not explicitly 
disclose the data is path rules used in firewall environment. However, it would be obvious to one 
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with ordinary skill in the art to apply the database management technique on any data including 
conmiimication path rules used for access control rules/policies stored withiii a database. 

7. As per claims 2, Jonas discloses the method of claim 1 . Jonas further discloses wherein 
retrieving a communication path rule comprises parsing the rule from a firewall configuration 
file (Jonas: [0013]). Same rationale applies here as above in rejecting claim 1. 

8. As per claim 3, Jonas discloses the method of claim 1 . Jonas does not expHcitly disclose 
wherein the at least one path attribute type comprises one or more of destination address, source 
address, service type, and communication time. However, standard firewall configuration files 
includes filters is well known in the art to include the above-mentioned attributes. 

9. As per claim 4, Jonas discloses the method of claim 1 . Jonas further discloses wherein 
inserting the first rule into a database comprises placing the at least one attribute and the at least 
one operation into a relational database having separate tables for the path attribute type and the 
path operation type (Jonas: [0017]). 

10. As per claim 5, Jonas discloses the method of claim 1 . Jonas ftirther discloses 
determining whether a database query has been received; and if a query has been received, 
searching the database to determine whether any communication path rules satisfy the query 
(Jonas: [0013]: utilizing database structure). 
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11. As per claim 6, Jonas discloses the method of claim 1 . Jonas does not explicitly disclose 
wherein the query criteria comprise one or more of destination address, source address, service 
type, and communication time. However, standard firewall configuration files includes filters is 
well known in the art to include the above-mentioned attributes and it would have been obvious 
to one having ordinary skill in the art to use those attribute information in comparing two data 
sets (Jonas: [0031]). 

12. As per claim 7, Jonas discloses the method of claim 1 . Jonas further discloses wherein: 
determining whether an attribute of the second rule corresponds to an attribute of the first rule for 
at least one path attribute type comprises performing a set difference operation between 
attributes of the second rule and attributes of the first rule for the at least one path attribute type; 
and inserting the attribute of the second rule that does not correspond to an attribute of the first 
rule into the database comprises inserting the results of the set difference operation into the 
database (Jonas: [003 1 ]). 

13. As per claim 8, Jonas discloses the method of claim 1 . Jonas further discloses wherein 
inserting the attribute of second rule that does not correspond to an attribute of the first rule into 
the database comprises attempting to group at least one type of non-corresponding attributes of 
the second rule into ranges (Jonas: [0031]). 
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14. As per claim 9, Jonas discloses the method of claim 1 . Jonas further discloses retrieving a 
first communication path rule for a second access control device; and inserting the first 
communication path rule for the second access control device into the database (Jonas: [003 1]). 

15. As per claim 10, Jonas discloses the method of claim 9. Jonas further discloses 
determining whether a database query has been received; and if a query has been received, 
searching the database to determine whether any communication path rules satisfy the query 
(Jonas: [0013]: utilize database structure). 

16. As per claim 1 1 , Jonas discloses the method of claim 1 . Jonas further discloses wherein 
determining whether an attribute of the second rule corresponds to an attribute of the first rule for 
at least one path attribute type is performed only for a set of operations (Jonas: [0017]: 
determining if any field in the data match). 

17. As per claim 12-38, claims 12-38 disclose system and article that encompass the same 
scope as claims 1-11. Therefore, claims 12-38 are rejected based on the same reasons set forth 
above in rejecting claims 1-11. 

Response to Arguments 

18. Applicant's arguments filed on 10/9/07 have been fully considered but they are not 
persuasive. 
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Regarding applicant's remarks, applicant argues that the prior art of record does not 
explicitly disclose retrieving a first communication path rule and a second communication path 
rule for an access control device, each rule comprising at least one path attribute type specifying 
at least one attribute range and at least one path operation type specifying at least one operation. 
However, the examiner agrees that the Jonas reference does not mention firewall rules and thus 
stated in the previous office action that it would be obvious to one having ordinary skill in the art 
to apply the database management technique into firewall rule management because database 
management applies to data including but not limited to firewall rules. Furthermore, firewall 
rules consisting of communication path rules and attribute range is well known in the art as 
firewall parameters and examiner has included new prior art related to firewall parameter for 
consideration. Therefore, applicant's argument is traversed. 

Conclusion 

19. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Mayer et al. U.S. Pat. No. 7016980 discloses method for analyzing one or more firewalls. 
Henderson et al. U.S. Pat. No. 7133400 discloses method for filtering data. 

20. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated fi-om the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance firom a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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